Privacy Statement for KeyChain Pay

Last updated: May 2024

By visiting our website at https://uk.keychainpay.com or installing or using the KeyChain Pay software, you acknowledge, agree (and, where relevant) consent that your Personal Information (as defined below) will be handled as described in this Privacy Statement.

KeyChain FinTech (UK) Limited (referred to as the ‘Company’, or ‘We’) is the data controller and will handle all user information concerned with the Company’s KeyChain Pay service and all its related services (hereinafter referred to collectively as “KeyChain Pay” or ‘Service’) in accordance with the following.

INFORMATION WE COLLECT FROM YOU

We are committed to protecting your privacy while providing you with the Service and access to this website. The operation of the website or Service may require collection and use of your personal information as set out below (“Personal Information”). What information the Company collects or receives from you depends on how you use the Website or Service, which may include the following (or any other information which may be deemed personal data under applicable law):

Contact Data:	Name Phone Email Address (tenant only) Any other identifiers (such as social media handle) that you provide to us
Payment Data:	Debit / Credit card issuing bank (tenant only NOT applicable for Apple Pay / Google Pay) Debit / Credit card last 4 digits (tenant only, NOT applicable for Apple Pay / Google Pay; entire Debit / Credit card numbers will NOT be kept by the Company but it will be processed by a PCI compliance gateway) Bank name (landlord only) Beneficiary name (landlord only) Account number (landlord only)
Device Data:	Type of computer, tablet or mobile device you use Unique device identifier (for example, your device's IMEI number, or the MAC address of the device's wireless network interface) IP address Mobile network information, your mobile or computer operating system Type of mobile or web browser you use, browser plug-in types and versions, time zone setting and other technology on the devices you use to access this website or the Service
Usage Data:	Details of your use of our website or Service, including traffic data, data about your communications with us, data that logs how you browse the website

How is your Personal Information collected?

When you provide your Personal Information to the Company using KeyChain Pay, the Company receives and stores this information in order to provide the Service and respond to your user needs and requests. You can choose not to provide your Personal Information, but then you might not be able to take advantage of all the features in KeyChain Pay or the website.

We may also receive Personal Information about you from third parties, such as from your landlord if you are a tenant, or from analytics service providers.

Special Categories of Personal Information

Under certain data protection laws (such as the EU and UK GDPR), there are special categories of Personal Information (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
We do not collect any special categories of Personal Information, or any information about criminal convictions and offences from our website visitors.

HOW WE USE YOUR PERSONAL INFORMATION

We only use your Personal Information where the law allows us to do so. The table below sets out the ways in which we use your Personal Information (together with the lawful basis that we will rely on to process your Personal Information). Please note that we may process your Personal Information for more than one lawful basis, depending on the specific purpose for which we are using your Personal Information.

Purpose/activity	Type of data	Lawful basis for processing
To register you as a new user of the Service and to give you usage of the Service	Contact Data Device Data	Your consent Performance of a contract with you
To manage our relationship with you including notifying you of changes to the Service or Website	Contact Data	Your consent Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use our website / Service) Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)
To process payments to or from you as part of the Service	Contact Data Payment Data	Your consent Performance of a contract with you Necessary for our legitimate interests (for identification purposes and prevention of any unauthorised/fraudulent practices which interfere with normal Service)
To administer and protect our business and the Service including troubleshooting, data analysis and system testing	Contact Data Device Data	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
To use data analytics to improve our technology, products/services, marketing, customer relationships and experiences	Device Data Usage Data	Necessary for our legitimate interests (to better understand how users access and use our products and services, including KeyChain Pay, on an aggregated and individualised basis, for the purposes of improving our products and services, and to respond to customer desires and preferences)
To respond to any enquiries or requests from you	Contact Data Device Data Usage Data	Necessary for our legitimate interests (to send you messages, to improve our products and services by providing personalised experiences and recommendations, language and location customisation, personalised help and instructions, or other responses to your and other customers’ usage of our products and services)
To make suggestions and recommendations to you about products or services that may be of interest to you	Contact Data Device Data Usage Data	Necessary for our legitimate interests (to offer you content, services, and special offers)

DISCLOSURES OF YOUR PERSONAL INFORMATION

We may disclose Personal information about you to the following third parties:

our subsidiaries or affiliates
service providers acting as data processors, including any payment gateways or card acquirers
our professional advisors acting as data controllers or data processors including lawyers, bankers, auditors and insurers
Financial Conduct Authority, HM Revenue and Customs, regulators and other authorities in the UK acting as data controllers
third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

These parties will only process your Personal Information to assist the Company with operating the website and Service and only for the purposes listed in the table above. We will protect your privacy and third parties are not authorised to use your Personal Information for third party marketing purposes.

The Company reserves the right to disclose your Personal Information when we believe such disclosure is required to comply with the law, judicial proceeding, court order or other legal process; to enforce or apply the terms of the T&C; or to protect the rights, property, or safety of the Company, our employees, our users, or others. This includes exchanging Personal Information with banks and other companies and organisations (such as law enforcement) for fraud protection and criminal reduction purposes. This does not include selling, renting, sharing, or otherwise disclosing Personal Information from customers for commercial purposes in violation of this Privacy Statement.

INTERNATIONAL DATA TRANSFERS FROM THE UK

Our business operations are located in the UK and in other countries. Some of the third parties we work with are based outside of the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure that it is protected by implementing one of the following safeguards:

We will only transfer your personal data to countries that can provide an adequate level of protection for personal data. For further details, see this information from the Information Commissioner's Office.
Where we use overseas service providers, we may use specific contracts approved by the UK which give personal data the same protection that it has in the UK. For further details, see this information from the Information Commissioner's Office.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

RETENTION OF YOUR INFORMATION

We may retain any information collected from you for the period necessary to fulfil the purposes as outlined in this Policy Statement unless a longer retention period is required by applicable law.

SECURITY OF YOUR INFORMATION

PCI compliance, short for Payment Card Industry Data Security Standard (PCI DSS), is a proprietary series of standards and best practices for payment security. The Company adheres to PCI DSS and is committed to protecting the security of your Personal Information as required by law. We use a variety of security technologies and procedures to help protect your Personal Information from loss, misuse, unauthorised access, use, disclosure, alteration and destruction.

Any information we collect will be securely processed, stored and archived in databases and backups that could reside outside of your jurisdiction, including without limitation the Hong Kong Special Administration.
If you have any questions about the security of your information, please contact us at atreg_compliance@keychainpay.com.

INHERENT RISKS AND PREVENTATIVE MEASURES

As with other mobile payment software, there is always the possibility that KeyChain Pay could be mis-used as a tool for hacking and/or phishing and/or money laundering including but not limited to the use of stolen Debit / Credit cards (collectively, "Risks"). The Company will establish the relevant controls and exercise all reasonable extents to minimise the Risks but the controls may not eliminate or avoid all fraudulent or wilful actions. Users are required to provide real identity and true and correct information for the use of Service.

The Company adopts payment tokenisation which replaces the traditional payment card account number with a unique digital token in online and mobile transactions. Tokens can be restricted for transactions with a specific mobile device, merchant or transaction type. The tokenisation process happens in the background in a way that is invisible to the consumer. Tokenisation is intended to reduce the threat of sensitive payment data being usable by fraudsters if compromised.

EXEMPTION OF LIABILITY

The Company, its affiliates, employees, officers and agents shall not be liable for (i) any disclosure of your Personal Information as required by law or relevant governmental authority; (ii) any disclosure of your Personal Information as a result of your own actions or negligent acts (including without limitation the disclosure by you of your Personal Information to any websites, forums, or social networking sites); (iii) any consequence resulting from hackers, computer viruses or temporary closure of our services; or (v) any consequence resulting beyond the Company’s control.

In addition, all provisions of the T&C, including without limitation the limitation of liability and indemnification provisions shall also apply.

YOUR LEGAL RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

Data Access Request: You have the right to check with our Company whether our Company has your Personal Information, or to request access to your Personal Information, or request to correct any inaccurate or changed information.

You can ascertain our data-related policies and practices and to be informed of the type of Personal Information held by us. We will not charge a fee in respect of any request for access to your Personal Information (except if your request is manifestly unfounded or excessive, or if you request further copies of your Personal Information after we have responded to your original request, in which case we are entitled to charge a reasonable fee).

Erasure, Restriction, Objection

In certain circumstances, you have the right to ask us to erase your Personal Information, or to restrict the processing of your Personal Information, or to object to our processing of your Personal Information.

Data Portability

In certain circumstances, you have the right to ask that we transfer your Personal Information to a third party, or to provide you with a copy in a machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

You should send a request for accessing or correction of data, or for reviewing the relevant policies or exercising any of your other legal rights. You should make a request to: KeyChain Pay - Compliance Team

Keychain FinTech (UK) Limited
E-mail: reg_compliance@keychainpay.com

CONTACT US

If you have questions about the privacy aspects of our products or services, please contact enquiry@keychainpay.com.

Cookie Policy (Applicable to all users)

This website (keychainpay.com) uses cookies to improve your browsing experience and to analyze site traffic. By using our website, when you consent to the use of cookies, you are consenting to our use of cookies in accordance with the terms of this policy.

What are cookies?

Cookies are small text files that are stored on your computer or mobile device when you visit our website. They are widely used to make our website work more efficiently and to provide information to us on how our users interact with our website. Cookies do not harm your computer or contain any personally identifiable information such as your name or Debit / Credit card details.

What cookies do we use?

We use both session cookies and persistent cookies on our website. Session cookies are deleted from your computer or device when you close your web browser. Persistent cookies remain stored on your computer or device until they expire or you delete them.

We use the following types of cookies on our website:

Essential cookies: These cookies are necessary for the website to function properly and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. All the Essential Cookies we use are only applicable to our registered users, you will be notified with another applicable cookie policy when you create a user account with us.
Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Functionality cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Below is the list of cookies we use on our website and the purposes for which we use them:

Performance cookies	Purpose	Expiration
_ga	Used to distinguish users.	2 years
_gid	Used to distinguish users.	24 hours
_gat	Used to throttlerequest rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm_<property-id>	1 minute
_gat_<container-id>	Used to provide technical monitoring.	Session
_ga_<container-id>	Used to persist session state.	2 years
_gac_gb_<container-id>	Contains campaign related information.	90 days
AMP_TOKEN	Used to retrieve a Client ID from AMP Client ID service.	30 seconds to 1 year
_gac_<property-id>	Used to store campaign related information for the user.	90 days

Functional cookies	Purpose	Expiration
SOCS	Used to store a user’s state regarding their cookies choices.	13 months
CONSENT	Used to store a user’s state regarding their cookies choices.	2 years

Targeting cookies	Purpose	Expiration
__Secure-3PAPISID	Used for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.	2 years
__Secure-3PSID	Used for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.	2 years
__Secure-3PSIDCC	Used for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.	2 years
__Secure-ENID	Used to remember information that changes the way the site behaves or looks.	13 months
AEC	Used to ensure that requests within a browsing session are made by the user, and not by other sites.	6 months
NID	Used to remember information that changes the way the site behaves or looks.	1 month
DEVICE_INFO	Used to store device information.	179 Days
PREF	Used for storing information such as your preferred page configuration and playback preferences like explicit autoplay choices, shuffle content, and player size.	1 year
SIDCC	Used for protecting a user’s data from unauthorized access.	1 year
YSC	Used to ensure that requests within a browsing session are made by the user, and not by other sites.	Session
VISITOR_INFO1_LIVE	Used to detect and resolve problems with the service.	6 months

How can I change my preferences?

When you first visit our website you will be presented with our cookie management tool which enables you to set your preferences. You can also manage your cookies preferences by visiting this page.

You can also manage cookies through your web browser's setting. Most web browsers allow you to control cookies through their settings preferences. However, disabling cookies may affect the functionality of our website.

Changes to this policy

If we change the cookies we use, we will update this Cookies Policy. You always can find the latest version of this Policy on our website.

Contact us

If you have any questions about our Cookie policy, please contact us at reg_compliance@keychainpay.com.